Communication between key manager and storage subsystem kernel via management console

ABSTRACT

System, computer program product, and method embodiments for communication between a kernel operational on a storage subsystem and a key manager (KM) through a hardware management console (HMC) to provide encryption support are provided. In one embodiment, an event request is initiated by the kernel to the KM to execute an event flow. Pursuant to a communication request by the kernel to the HMC, a socket of the HMC is opened along a communication path between the KM and the kernel according to an event flow type selected by the KM for the event flow. Pursuant to a data request by the kernel to the KM, data including a data payload is sent by the KM to the kernel, the data payload corresponding to the selected event flow type.

CROSS-REFERENCE TO RELATED APPLICATION

This application is a continuation application of copending U.S.application Ser. No. 12/580,140, filed Oct. 15, 2009, now U.S. PublishedApplication US 2011/0093699 published on Apr. 12, 2011, the entirecontents of which are incorporated herein by reference and is reliedupon for claiming the benefit of priority.

BACKGROUND OF THE INVENTION

1. Field of the Invention

The present invention relates in general to computers, and moreparticularly to a system and method of communication between componentsin a storage system.

2. Description of the Related Art

Computers and computer systems are found in a variety of settings intoday's society. Computing environments and networks may be found athome, at work, at school, in government, and in other settings.Computing environments increasingly store data in one or more storageenvironments apart from the interface that computer users typicallyassociate. In many cases, the storage environments are located acrosswide area networks (WANs), in which data is sent to/received from astorage system located remotely from the host.

Storage systems provide data redundancy and greater capacity forstorage. As data processing and storage needs increase, storage systemsare used with greater frequency. Storage systems contain a variety ofinterconnected components that allow access, control, and communicationbetween a network of storage devices and the host.

SUMMARY OF THE INVENTION

In storage system components such as those in the IBM® DS8000 and DS6000storage systems, communication between the ESSNI (enterprise storageserver network interface) server and the NI (network interface) agentrunning in each central electronic complex (CEC) of a CEC storagecontroller is performed via transport control protocol/internet protocol(TCP/IP) sockets. These sockets are opened at startup time, and theconnection remains active as long as the NI agent is running Thecommunication path is bidirectional. The communication path is used tosend requests from the ESSNI server to a microcode layer that processesthe respective request. Microcode layers use the communication path tosend events to ESSNI client applications.

For requests from ESSNI client applications to a microcode layer thatwill process the request, the NI server will send the request to adevice driver/device adapter (DA) using a Kernel Pipe Interface(K-Pipe). The operating system (OS) will receive the request from thedriver and forward the request to different microcode layers resident ina respective CEC kernel. For events from a microcode layer to the ESSNIclient application that will process the event, the OS will send theevent through the Kernel Pipe Interface to the NI agent. The NI agentwill then route the event to the ESSNI client application through thecommunication path.

To provide encryption support in storage systems such as the DS8000system previously described, the DA kernel level microcode in arespective CEC kernel requires communication with a Key Manager (KM)through a Hardware Management Console (HMC) on which the NI server isoperable. From the CEC kernel, the DA has no knowledge or directcommunication paths to one or more configured KMs or HMCs. However, insituations such as startup, it is necessary for the DA to establishcommunication with the KM. In some storage systems, considerations ofredundancy result in multiple HMCs/KMs in a particular configuration.Any number of these components may be available at any one time.

In light of the foregoing, a need exists for an efficient system andmethod of communication whereby a CEC kernel may initiate communicationswith a KM through a HMC, and whereby configurations of multiple KMs/HMCsmay be accessed, to provide data pursuant to encryption support. Thesystem and method should be compatible with existing standards and makeuse of existing system resources to make an implementationcost-effective and efficient.

Accordingly, various system, computer program product, and methodembodiments for communication between the CEC kernel and the KM througha HMC are provided. In one such embodiment, by way of example only, anevent request is initiated by the kernel to the KM to execute an eventflow. Pursuant to a communication request by the kernel to the HMC, asocket of the HMC is opened along a communication path between the KMand the kernel according to an event flow suborder type selected by thekernel for the event flow. Pursuant to a data request by the kernel tothe KM, data including a data payload is sent by the KM to the kernel,the data payload corresponding to an additional selected event flowsuborder type.

Additional exemplary system, method, and computer program productembodiments are disclosed and provide related advantages.

BRIEF DESCRIPTION OF THE DRAWINGS

In order that the advantages of the invention will be readilyunderstood, a more particular description of the invention brieflydescribed above will be rendered by reference to specific embodimentsthat are illustrated in the appended drawings. Understanding that thesedrawings depict only typical embodiments of the invention and are nottherefore to be considered to be limiting of its scope, the inventionwill be described and explained with additional specificity and detailthrough the use of the accompanying drawings, in which:

FIG. 1 is a block diagram of an exemplary computing environment in whichcertain aspects of the present invention may be implemented;

FIG. 2 is a flow chart diagram of an exemplary event flow according tovarious aspects of the present invention; and

FIG. 3 is exemplary program code illustrating a definitional structureand suborder event types for one embodiment of the present invention.

DETAILED DESCRIPTION OF THE DRAWINGS

The illustrated embodiments provide an efficient, novel event type(having multiple sub-event types). This event type facilitates a dataflow initiated and driven by the CEC kernel (specifically the DA-KMmodule operable on the kernel) to communicate with an applicableexternal KM through a HMC's NI to provide encryption support. Oncecommunication is established, a data request made by the kernel to theKM results in the delivery of a data payload. This data payload mayinclude session key information sufficient for the kernel to operate,for example. The data and corresponding data payload may vary accordingto the data request of the kernel and the particular event suborder typeselected by the KM to provide encryption support. The NI receives theinitiated event from the kernel, and facilitates communication to aparticular KM, but retains no knowledge about the event flow. Becausethe NI is not obligated to retain such information, the overall design,structure and execution of the event type are simplified.

FIG. 1 is a block diagram of a portion of a data storage system 10 inwhich the present invention may be implemented. The data storage system10 includes a storage controller or server 12. One of ordinary skill inthe art will appreciate that in additional embodiments, additionalstorage servers 12 may be implemented. Storage server 12 includesattached data storage devices 40. Other storage devices may also beattached to the storage server 12. In one embodiment, the storage server12 may be an IBM® Enterprise Storage Server 12 and includes a processor,memory, and counters as well as appropriate network interfaces as one ofordinary skill in the art will anticipate. The processor is programmedwith instructions stored in the memory for managing I/O operationsrequested by host devices as well as for computing network I/Operformance statistics. The storage devices 40 may be any type ofremovable or fixed physical storage including, without limitation,electronic memory (such as RAM or solid state memory), hard disks, RAIDarrays, tape cartridges, optical discs and other media. Removable mediamay be (but need not be) contained with an automated data storagelibrary.

Kernel 22 is operable on storage server 12 as shown. Kernel 22 includesa CPSSDD module 24 inclusive of a DA-KM module (a subcomponent of theDA) 28, a CLIC module 30, and a DA-ASM module 32, providing deviceadapter control and interface functionality between storage devices 40collectively shown as a grouping of disk drive modules (DDMs).Intercommunication between the CLIC module 30 and the DA-KM module 28 isshown by arrow 36. Similarly, intercommunication between the DA-ASMmodule 32 and the DA-KM module 28 is shown by arrow 34. The DA-ASMmodule 34 provides communication between the CPSSDD module 24 and thegrouping of DDMs 40 as shown by arrow 38. In one embodiment, modules 24,28, 30, and 32 may be implemented in whole, in part, or associated invarious ways with microcode and/or microcode layers in the kernel 22.The microcode layers are used in conjunction with the kernel 22 toexecute tasks, provide communication, interface with other components,and the like as one of ordinary skill in the art will appreciate.

CPSSDD module 24 utilizes Kernel Pipe Interface 20 to providecommunication between the kernel 24 and CPSSDD interface 16. CPSSDDinterface provides an additional communications interface between thekernel 22 and ESSSNI agent 14. ESSNI 14 then provides communicationusing TCP/IP communication link 42 to HMC 44 and NI server 46. As one ofordinary skill in the art will appreciate, HMC 44 includes a number ofcommunication ports/sockets to facilitate the TCP/IP communication 42and 48 through the NI server 46 to the KM 50. To this regard, HMC 44 isadapted for opening and closing a particular communication socketpursuant to such a request. This process will be further describedfollowing. In the depicted embodiment, ESSNI 14 is designated to be anevent receiver. In other words, the ESSNI 14 receives an event (hereinalso described as a call, communication request, data request, etc.)from the CPSSDD module 24 in kernel 22.

One of ordinary skill in the art will appreciate that variations to thedepicted configuration of storage server 12, HMC 44 and KM 50 may beimplemented. For example, in many configurations of storage servers 12,additional servers 12, HMCs 44 and associated KMs 50 may be connectedacross TCP/IP communication paths to provide for redundancy and thelike. Accordingly, the mechanisms of the present invention arecontemplated to apply to configurations of one or several HMCs connectedto one or several KMs across a possible number of communications paths.

Turning now to FIG. 2, an exemplary method 200 for providingkernel-based communication between the kernel and an associated KM in aparticular storage configuration is depicted. Method 200 begins (step202) with a function call from the kernel to the KM to perform the eventflow (step 204). This function call is initiated by the kernel inresponse to certain conditions, such as a startup condition in whichaffiliated storage devices necessitate encryption information (such asthe aforementioned session key information) in order to function.Pursuant to the call from the kernel, the KM begins execution of theevent flow by performing a function call to an EPL library to retrieveprotocol information relating to the event flow type (step 206).

The kernel then provides a configuration request to the NI to obtain alist of all HMCs and KM configured within a particular storage complex(i.e., those storage components affiliated with the kernel in aparticular configuration) (step 208). In response, the NI provides anacknowledgement with a list of all configured HMCs and KMs (step 210).

Once the particular storage configuration is ascertained, the kernelprovides a communication command to close all open communicationssockets on all configured HMCs (step 212). This may be due, in part, toa previous event flow that may have failed warranting a clean up processto be further described. In response, the NI closes all open sockets andprovides an acknowledgement (step 214). The kernel prepares tospecifically contact the KM by providing an additional communicationscommand (“open socket”) to a specified KM through a particular HMC inthe storage complex (step 216). In response, the NI opens the socket tothe particular KM on the specified HMC, and provides an acknowledgement(step 218).

If the acknowledgement received from the HMC indicates that the opensocket operation was a success (step 220), then the method 200 proceedsto step 232 as will be described below. If this is not the case, thenthe kernel changes to the next available TCP/IP communication path (step222) and retries providing the open socket command (again, step 216)where the NI opens the socket and again provides a return acknowledgment(again, step 218). If no working paths are identified (step 224), thenthe KM calls the EPL library with a failure flag to initiate performanceof a clean up operation (step 226). The EPL library performs the cleanup operation and calls the KM callback function with an error (step228). The KM then calls the kernel with this error (step 230), and themethod 200 returns to step 204.

If the open socket is successful as previously described, the method 200proceeds to step 232, where the kernel provides a send data command onthe previously opened socket. In response, the NI sends data, includingdata payload information (which may contain session key information orother payload information pursuant to the event suborder type selectedby the kernel) from the KM through the NI/HMC to the kernel (step 234).If additional data is to be received (step 236), in which additionalsend data requests are sent pursuant to additional event suborder types,then additional data information/data payload information is sent fromthe KM through the NI/HMC to the kernel (again, step 234). Once all ofthe relevant data is retrieved by the kernel from the KM, the kernelprovides a close socket command to close the opened socket (step 238),and pursuant to the close socket request, the NI closes the open socketand provides an acknowledgement (step 240). The kernel then initiatesproviding a backup command to backup the retrieved key information onthe HMC (step 242). The NI backs up the key information to a file, andprovides an acknowledgement (step 244). The method 200 then ends (step246).

Turning now to FIG. 3, exemplary code (using a C style struct) isprovided illustrating an exemplary KM Event definition structure. As oneof ordinary skill in the art will appreciate, the code structureincludes a number of event attributes, including definitional structuresfor several identification values (e.g., HMC, EKM, exchange, unique id).These identification values allow for the network configuration of thestorage server with various HMCs and KMs to be managed by the kernelwith respect to which KM to send a particular event and through whichHMC to reach the KM, etc. Below the definitional structures a payloadcode structure is defined to carry the encryption information (sessionkey, other encryption information) requested by the kernel from the KM.

FIG. 3 also illustrates various event flow suborder types, which may beinitiated and/or selected by the kernel pursuant to an event flow. Forexample, suborder 0x01 may be selected to perform a communicationrequest to open a particular communication path with an EKM (opensocket), while another suborder 0x05 initiates a backup request to storethe key information on the HMC. One of ordinary skill in the art willappreciate that the KM event definitional structure and the event flowsuborder types may vary according to a particular implementation. Invarious embodiments, the KM event definitional structure and subordertypes allow a kernel-initiated communication and encryption supportbetween the kernel and KM through a particular HMC as previouslydescribed.

As will be appreciated by one skilled in the art, aspects of the presentinvention may be embodied as a system, method or computer programproduct. Accordingly, aspects of the present invention may take the formof an entirely hardware embodiment, an entirely software embodiment(including firmware, resident software, micro-code, etc.) or anembodiment combining software and hardware aspects that may allgenerally be referred to herein as a “circuit,” “module” or “system.”Furthermore, aspects of the present invention may take the form of acomputer program product embodied in one or more computer readablemedium(s) having computer readable program code embodied thereon.

Any combination of one or more computer readable medium(s) may beutilized. The computer readable medium may be a computer readable signalmedium or a computer readable storage medium. A computer readablestorage medium may be, for example, but not limited to, an electronic,magnetic, optical, electromagnetic, infrared, or semiconductor system,apparatus, or device, or any suitable combination of the foregoing. Morespecific examples (a non-exhaustive list) of the computer readablestorage medium would include the following: an electrical connectionhaving one or more wires, a portable computer diskette, a hard disk, arandom access memory (RAM), a read-only memory (ROM), an erasableprogrammable read-only memory (EPROM or Flash memory), an optical fiber,a portable compact disc read-only memory (CD-ROM), an optical storagedevice, a magnetic storage device, or any suitable combination of theforegoing. In the context of this document, a computer readable storagemedium may be any tangible medium that can contain, or store a programfor use by or in connection with an instruction execution system,apparatus, or device.

Program code embodied on a computer readable medium may be transmittedusing any appropriate medium, including but not limited to wireless,wired, optical fiber cable, RF, etc., or any suitable combination of theforegoing. Computer program code for carrying out operations for aspectsof the present invention may be written in any combination of one ormore programming languages, including an object oriented programminglanguage such as Java, Smalltalk, C++ or the like and conventionalprocedural programming languages, such as the “C” programming languageor similar programming languages. The program code may execute entirelyon the user's computer, partly on the user's computer, as a stand-alonesoftware package, partly on the user's computer and partly on a remotecomputer or entirely on the remote computer or server. In the latterscenario, the remote computer may be connected to the user's computerthrough any type of network, including a local area network (LAN) or awide area network (WAN), or the connection may be made to an externalcomputer (for example, through the Internet using an Internet ServiceProvider).

Aspects of the present invention have been described with reference toflowchart illustrations and/or block diagrams of methods, apparatus(systems) and computer program products according to embodiments of theinvention. It will be understood that each block of the flowchartillustrations and/or block diagrams, and combinations of blocks in theflowchart illustrations and/or block diagrams, can be implemented bycomputer program instructions. These computer program instructions maybe provided to a processor of a general purpose computer, specialpurpose computer, or other programmable data processing apparatus toproduce a machine, such that the instructions, which execute via theprocessor of the computer or other programmable data processingapparatus, create means for implementing the functions/acts specified inthe flowchart and/or block diagram block or blocks.

These computer program instructions may also be stored in a computerreadable medium that can direct a computer, other programmable dataprocessing apparatus, or other devices to function in a particularmanner, such that the instructions stored in the computer readablemedium produce an article of manufacture including instructions whichimplement the function/act specified in the flowchart and/or blockdiagram block or blocks. The computer program instructions may also beloaded onto a computer, other programmable data processing apparatus, orother devices to cause a series of operational steps to be performed onthe computer, other programmable apparatus or other devices to produce acomputer implemented process such that the instructions which execute onthe computer or other programmable apparatus provide processes forimplementing the functions/acts specified in the flowchart and/or blockdiagram block or blocks.

The flowchart and block diagrams in the above figures illustrate thearchitecture, functionality, and operation of possible implementationsof systems, methods and computer program products according to variousembodiments of the present invention. In this regard, each block in theflowchart or block diagrams may represent a module, segment, or portionof code, which comprises one or more executable instructions forimplementing the specified logical function(s). It should also be notedthat, in some alternative implementations, the functions noted in theblock may occur out of the order noted in the figures. For example, twoblocks shown in succession may, in fact, be executed substantiallyconcurrently, or the blocks may sometimes be executed in the reverseorder, depending upon the functionality involved. It will also be notedthat each block of the block diagrams and/or flowchart illustration, andcombinations of blocks in the block diagrams and/or flowchartillustration, can be implemented by special purpose hardware-basedsystems that perform the specified functions or acts, or combinations ofspecial purpose hardware and computer instructions.

While one or more embodiments of the present invention have beenillustrated in detail, one of ordinary skill in the art will appreciatethat modifications and adaptations to those embodiments may be madewithout departing from the scope of the present invention as set forthin the following claims.

1. An method of communication between a kernel operational on a storagesubsystem and a key manager (KM) through a hardware management console(HMC) to provide encryption support, comprising: initiating an eventrequest by the kernel to the KM to execute an event flow; and pursuantto a data request by the kernel to the KM, sending data including a datapayload by the KM to the kernel to provide the encryption support, thedata payload corresponding to an event flow suborder type selected bythe kernel for the event flow.
 2. The method of claim 1, furtherincluding, pursuant to a communication request by the kernel to the HMC,opening a socket of the HMC along a communication path between the KMand the kernel according to an additional event flow suborder typeselected by the kernel for the event flow.
 3. The method of claim 2,further including, previous to opening the socket, closing at least oneof an open socket of the HMC pursuant to an additional communicationrequest by the kernel to the HMC to perform a clean up operation.
 4. Themethod of claim 2, further including, if a test communication along thecommunication path is unsuccessful, closing the socket, and opening anadditional socket of the HMC along an additional communication pathbetween the KM and the kernel to provide the data request.
 5. The methodof claim 1, further including, subsequent to the sending data, closingthe socket.
 6. The method of claim 1, wherein a network interface (NI)of the HMC facilitates transfer of the event request, communicationrequest, and data request from the kernel to the KM without knowledge ofthe event flow.
 7. The method of claim 1, further including, pursuant toa backup request by the kernel to the KM, backing up the data payload onthe HMC.
 8. The method of claim 1, wherein at least one of the HMC andthe KM is selected by the kernel to send at least one of the eventrequest, communication request, and data request of an availableplurality of HMCs and KMs in the storage subsystem.
 9. The method ofclaim 9, further including sending a configuration request to the KM toobtain a configuration list of the available plurality of HMCs and KMsin the storage subsystem.
 10. A system for communication betweencomponents of a storage subsystem to provide encryption support,comprising: a kernel operational on the storage subsystem, a key manager(KM) in communication with the kernel, and a hardware management console(HMC) in communication between the KM and the kernel, wherein thekernel: initiates an event request by the kernel to the KM to execute anevent flow, and provides a data request to the KM, wherein pursuant tothe data request, data including a data payload is sent by the KM to thekernel to provide the encryption support, the data payload correspondingto an event flow suborder type selected by the kernel for the eventflow.
 11. The system of claim 10, wherein the kernel, pursuant to acommunication request by the kernel to the HMC, opens a socket of theHMC along a communication path between the KM and the kernel accordingto an additional event flow suborder type selected by the kernel for theevent flow.
 12. The system of claim 11, wherein the kernel, previous toproviding the communication request to open the socket, provides anadditional communication request to close at least one of an open socketof the HMC to perform a clean up operation.
 13. The system of claim 11,wherein the kernel, if a test communication along the communication pathis unsuccessful, closes the socket, and opens an additional socket ofthe HMC along an additional communication path between the KM and thekernel to perform the providing the data request.
 14. The system ofclaim 10, wherein the kernel, subsequent to data sent by the KM to thekernel, closes the socket.
 15. The system of claim 10, further includinga network interface (NI) operational on the HMC in communication withthe kernel, wherein the NI facilitates transfer of the event request,communication request, and data request from the kernel to the KMwithout knowledge of the event flow.
 16. The system of claim 10, whereinthe kernel provides a backup request to the KM, wherein pursuant to thebackup request the data payload is backed up on the HMC.
 17. The systemof claim 10, wherein the kernel selects at least one of the HMC and theKM to send at least one of the event request, communication request, anddata request of an available plurality of HMCs and KMs in the storagesubsystem.
 18. The system of claim 17, wherein the kernel sends aconfiguration request to the KM to obtain a configuration list of theavailable plurality of HMCs and KMs in the storage subsystem.
 19. Acomputer program product for communication between a kernel operationalon a storage subsystem and a key manager (KM) through a hardwaremanagement console (HMC) to provide encryption support, the computerprogram product comprising a non-transitory computer-readable storagemedium having computer-readable program code portions stored therein,the computer-readable program code portions comprising: a firstexecutable portion that initiates an event request by the kernel to theKM to execute an event flow; and a second executable portion thatprovides a data request by the kernel to the KM, wherein pursuant to thedata request, data including a data payload is sent by the KM to thekernel to provide the encryption support, the data payload correspondingto an event flow suborder type selected by the kernel for the eventflow.
 20. The computer program product of claim 19, further including athird executable portion that, pursuant to a communication request bythe kernel to the HMC, opens a socket of the HMC along a communicationpath between the KM and the kernel according to an additional event flowsuborder type selected by the kernel for the event flow.
 21. Thecomputer program product of claim 20, further including a fourthexecutable portion that, previous to providing the communication requestto open the socket, provides an additional communication request toclose at least one of an open socket of the HMC to perform a clean upoperation.
 22. The computer program product of claim 20, furtherincluding a fourth executable portion that, if a test communicationalong the communication path is unsuccessful, closes the socket, andopens an additional socket of the HMC along an additional communicationpath between the KM and the kernel to perform the providing the datarequest.
 23. The computer program product of claim 19, further includinga third executable portion that, subsequent to data sent by the KM tothe kernel, closes the socket.
 24. The computer program product of claim19, further including a third executable portion that facilitatestransfer of the event request, communication request, and data requestfrom the kernel to the KM without knowledge of the event flow by anetwork interface (NI) of the HMC.
 25. The computer program product ofclaim 19, further including a third executable portion that provides abackup request to the KM, wherein pursuant to the backup request thedata payload is backed up on the HMC.
 25. The computer program productof claim 19, further including a third executable portion that selectsat least one of the HMC and the KM by the kernel to send at least one ofthe event request, communication request, and data request of anavailable plurality of HMCs and KMs in the storage subsystem.
 26. Thecomputer program product of claim 19, further including a fourthexecutable portion that sends a configuration request to the KM toobtain a configuration list of the available plurality of HMCs and KMsin the storage subsystem.
 27. A method of manufacturing a system forcommunication between a kernel operational on a storage subsystem and akey manager (KM) between a hardware management console (HMC) to provideencryption support, comprising: providing the kernel, wherein thekernel: initiates an event request by the kernel to the KM to execute anevent flow, and provides a data request to the KM, wherein pursuant tothe data request, data including a data payload is sent by the KM to thekernel to provide the encryption support, the data payload correspondingto an event flow suborder type selected by the kernel for the eventflow.
 28. The method of manufacture of claim 27, wherein the kernel,pursuant to a communication request by the kernel to the HMC, opens asocket of the HMC along a communication path between the KM and thekernel according to an additional event flow suborder type selected bythe kernel for the event flow.
 29. The method of manufacture of claim28, wherein the kernel, previous to providing the communication requestto open the socket, provides an additional communication request toclose at least one of an open socket of the HMC to perform a clean upoperation.
 30. The method of manufacture of claim 28, wherein thekernel, if a test communication along the communication path isunsuccessful, closes the socket, and opens an additional socket of theHMC along an additional communication path between the KM and the kernelto perform the providing the data request.
 31. The method of manufactureof claim 27, wherein the kernel, subsequent to data sent by the KM tothe kernel, closes the socket.
 32. The method of manufacture of claim27, further including a network interface (NI) operational on the HMC incommunication with the kernel, wherein the NI facilitates transfer ofthe event request, communication request, and data request from thekernel to the KM without knowledge of the event flow.
 33. The method ofmanufacture of claim 27, wherein the kernel provides a backup request tothe KM, wherein pursuant to the backup request the data payload isbacked up on the HMC.
 34. The method of manufacture of claim 27, whereinthe kernel selects at least one of the HMC and the KM to send at leastone of the event request, communication request, and data request of anavailable plurality of HMCs and KMs in the storage subsystem.
 35. Themethod of manufacture of claim 34, wherein the kernel sends aconfiguration request to the KM to obtain a configuration list of theavailable plurality of HMCs and KMs in the storage subsystem.